DESCRIPTION

.cloginrc contains configuration information for alogin(1), blogin(1),
clogin(1), elogin(1), flogin(1), hlogin(1), htlogin(1), jlogin(1),
nlogin(1), nslogin(1), rivlogin(1), and tntlogin(1), such as usernames,
passwords, ssh encryption type, etc., and is read at run-time.
Each line contains either white-space (blank line), a comment which
begins with the comment character '#' and may be preceded by white-
space, or one of the directives listed below.
Each line containing a directive is of the form:
add <directive> <hostname glob> {<value>} [{<value>} ...]
or
include {<file>}
Note: the braces ({}) surrounding the values is significant when the
values include TCL meta-characters. Best common practice is to always
enclose the values in braces. If a value includes a (left or right)
brace or space character, it must be backslash-escaped, as in:
add user <hostname glob> {foo\}bar}
add user <hostname glob> {foo\ bar}
As .cloginrc is searched for a directive matching a hostname, it is
always the first matching instance of a directive, one whose hostname
glob expression matches the hostname, which is used. For example;
looking up the "password" directive for hostname foo in a .cloginrc
file containing
add password * {bar} {table}
add password foo {bar} {table}
would return the first line, even though the second is an exact match.
.cloginrc is expected to exist in the user's home directory and must
not be readable, writable, or executable by "others". .cloginrc should
be mode 0600, or 0640 if it is to be shared with other users who are
members of the same unix group. See chgrp(1) and chmod(1) for more
information on ownership and file modes.

DIRECTIVES

The accepted directives are (alphabetically):
addautoenable<routernameglob>{[01]}
When using locally defined usernames or AAA, it is possible to
have a login which is automatically enabled. This is, that user
has enable privileges without the need to execute the enable
command. The router's prompt is different for enabled mode,
cyphertype defines which encryption algorithm is used with ssh.
A device may not support the type ssh uses by default. See
ssh(1)'s -c option for details.
Default: {3des}
addenableprompt<routernameglob>{"<enableprompt>"}
When using AAA with a Cisco router or switch, it is possible to
redefine the prompt the device presents to the user for the
enable password. enableprompt may be used to adjust the prompt
that clogin should look for when trying to login. Note that
enableprompt can be a Tcl style regular expression.
Example: add enableprompt rc*.example.net {"\[Ee]nter\ the\
enable\ password:"}
Default: "\[Pp]assword:"
addenauser<routernameglob>{<username>}
This is only needed if a device prompts for a username when
gaining enable privileges and where this username is different
from that defined by or the default of the user directive.
addidentity<routernameglob>{<sshidentityfilepath>}
May be used to specify an alternate identity file for use with
ssh(1). See ssh's -i option for details.
Default: your default identity file. see ssh(1).
addmethod<routernameglob>{ssh}[{...}]
Defines, in order, the connection methods to use for a device
from the set {ssh, telnet, rsh}. Method telnet may have a
suffix, indicating an alternate TCP port, of the form ":port".
Note: Different versions of telnet treat the specification of a
port differently. In particular, BSD derived telnets do not do
option negotiation when a port is given. Some devices, Extreme
switches for example, have undesirable telnet default options
such as linemode. In the BSD case, to enable option negotiation
when specifying a port the method should be "{telnet:-23}" or
you should add "mode character" to .telnetrc. See telnet(1) for
more information on telnet command-line syntax, telnet options,
and .telnetrc.
Example: add method * {ssh} {telnet:-3000} {rsh}
Which would cause clogin to first attempt an ssh connection to
the device and if that were to fail with connection refused, a
telnet connection to port 3000 would be tried, and then a rsh
connection.
Note that not all platforms support all of these connection
addpassphrase<routernameglob>{"<SSHpassphrase>"}
Specify the SSH passphrase. Note that this may be particular to
an identity directive. The passphrase will default to the
password for the given router.
Example: add passphrase rc*.example.net {the\ bird\ goes\ tweet}
addpassprompt<routernameglob>{"<passwordprompt>"}
When using AAA with a Cisco router or switch, it is possible to
redefine the prompt the device presents to the user for the
password. passprompt may be used to adjust the prompt that
clogin should look for when trying to login. Note that
passprompt can be a Tcl style regular expression.
Example: add passprompt rc*.example.net {"\[Ee]nter\ the\
password:"}
Default: "(\[Pp]assword|passwd):"
addpassword<routernameglob>{<vtypasswd>}[{<enablepasswd>}]
Specifies a vty password, that which is prompted for upon the
connection to the router. The last argument is the enable
password and need not be specified if the device also has a
matching noenable or autoenable directive or the corresponding
command-line options are used.
addsshcmd<routernameglob>{<ssh>}
<ssh> is the name of the ssh executable. OpenSSH uses a
command-line option to specify the protocol version, but other
implementations use a separate binary such as "ssh1". sshcmd
allows this to be adjusted as necessary for the local
environment.
Default: ssh
addtimeout<routernameglob>{<seconds>}
Time in seconds that the login script will wait for input from
the device before timeout.
Default: device dependent
adduser<routernameglob>{<username>}
Specifies a username clogin should use if or when prompted for
one.
Default: $USER (or $LOGNAME), i.e.: your Unix username.
adduserpassword<routernameglob>{<userpassword>}
Specifies a password to be associated with a user, if different
from that defined with the password directive.
adduserprompt<routernameglob>{"<usernameprompt>"}
important with regard to the order of matching hostnames for a
given directive, as mentioned above. This is useful if you have
your own .cloginrc plus an additional .cloginrc file that is
shared among a group of folks.
If <file> is not a full pathname, $HOME/ will be prepended.
Example: include {.cloginrc.group}